What If They Try to Hack Amazon's Drones?

It's not just Amazon's Prime Air delivery drones—small UAVs of all kinds are coming to America. But what happens when digital attackers turn their attention to drones?

Not everyone is thrilled with the rise of civilian drones in American skies. Last week, after Amazon hyped its plan to deliver packages in half an hour via UAV (unmanned aerial vehicle), we wondered about the drone backlash happening in many part of the U.S. And while an angry few threatened to shoot down these delivery drones, a more pressing concern seems to be: What if people try to hack them?

Just last week, security researcher Samy Kamkar made news after announcing he had modified his Parrot AR.Drone quadcopter to hunt and hijack other drones. Employing simple hardware including a Raspberry Pi computer and a wireless transmitter, plus software tools such as aircrack-ng and Kamkar's own Skyjack, the pirate drone scans for nearby Parrot IP addresses. If it locates one, the drone will then hack the unencrypted Wi-Fi controls of its target and place the bot under Kamkar's control.

Kamkar says he designed Skyjack to "get people to pay a little attention to the potential security implications of drones flying around and becoming more ubiquitous in daily use."

Patrick Egan, drone advocate and editor of sUAS News, is not especially worried about Skyjack. Hackers can target Parrot drones, yes, but that's because those French recreational quadcopters run on Wi-Fi, not on radio frequencies. "The Parrot is something a father and [child] would play with in the yard."

Kamkar readily admits that there are limits to his hack. The Skyjack drone can stay in the air for only 10 minutes. Its strike range extends as far as its own Wi-Fi network, and it detects only those IP addresses associated with Parrot. But that's not the point. The drones that would be used for package delivery or other commercial uses in the future would be much harder to bring down, he says. But it's not impossible—and that's his point.

For example, high-tech pirates could target the unmanned aerial vehicle's GPS navigation system by jamming weak satellite signals, says Todd Humphreys, an aerospace engineering professor at University of Texas at Austin. "You can just get on the Internet and buy a so-called personal privacy device, and you can jam GPS receivers from about 10 meters to up to a mile away," Humphreys says. The more heavy-duty jammers cost only a few hundred dollars.

A drone with disrupted GPS navigation would be in trouble. In the best-case scenario, the vehicle could limp home by relying on its inertial measurement unit to provide a basic dead reckoning. A human operator could also help by remotely steering the drone with visual cues coming from onboard cameras.

But things get really dicey if an attacker jammed the communication link with the ground operator. Indeed, some of the "personal privacy devices" Humphreys mentions sport multiple antennas and are powerful enough to disrupt cellphone signals—which is what an Amazon drone probably would use for flying beyond line of sight, he says.

Even more insidious is spoofing GPS coordinates, whereby the drone is tricked into landing at (or crashing into) a location chosen by the attacker. "It is orders of magnitude more sophisticated, more complicated than jamming," Humphreys says, "but it has a bigger payoff in that the attack can go undetected."

The threat is not theoretical. In June 2012, Todd Humphreys and his research team spoofed and grounded an $80,000 drone during a demonstration for the Department of Homeland Security.

For now, the threats are being addressed incrementally. Georgia Tech, for example, has been conducting studies into autonomous vision-based navigation, while the Los Alamos National Laboratory wants to make robot movement less predictable.

"The advantage of acting unpredictably is that people who might want to exploit the robot cannot as easily anticipate where the robot might go next," says Los Alamos National Laboratory research engineer David Mascarenas.

Still, Humphreys is concerned about the proliferation of software-defined radios. Whereas GPS spoofing is still the purview of highly skilled ham radio operators, these new devices give computer hackers easy entrance into the field. One day, will teen hackers be able to just download a GPS spoofing program and hijack a drone as they would a computer?

A Part of Hearst Digital Media
Popular Mechanics participates in various affiliate marketing programs, which means we may get paid commissions on editorially chosen products purchased through our links to retailer sites.